github.com/blend/go-sdk@v1.20220411.3/sanitize/request_test.go (about) 1 /* 2 3 Copyright (c) 2022 - Present. Blend Labs, Inc. All rights reserved 4 Use of this source code is governed by a MIT license that can be found in the LICENSE file. 5 6 */ 7 8 package sanitize 9 10 import ( 11 "net/http" 12 "net/url" 13 "testing" 14 15 "github.com/blend/go-sdk/assert" 16 ) 17 18 func TestSanitizeRequest(t *testing.T) { 19 it := assert.New(t) 20 21 req := &http.Request{ 22 Header: http.Header{ 23 "Accept": {"application/json"}, 24 "Authorization": {"Bearer foo", "Bearer bar"}, 25 "X-Secret-Token": {"super_secret_token"}, 26 }, 27 URL: &url.URL{ 28 Scheme: "http", 29 Host: "example.com", 30 Path: "/api/sensitive", 31 RawQuery: (url.Values{ 32 "ok": {"ok0", "ok1"}, 33 "access_token": {"super_secret"}, 34 "sensitive": {"sensitive0", "sensitive1"}, 35 }).Encode(), 36 }, 37 } 38 39 sanitizer := NewRequestSanitizer( 40 OptRequestAddDisallowedHeaders("X-Secret-Token"), 41 OptRequestAddDisallowedQueryParams("sensitive"), 42 OptRequestKeyValuesSanitizer(KeyValuesSanitizerFunc(func(key string, values ...string) []string { 43 return []string{"***"} 44 })), 45 ) 46 output := sanitizer.Sanitize(req) 47 48 it.NotNil(output) 49 it.Equal([]string{"application/json"}, req.Header["Accept"]) 50 it.Equal([]string{"***"}, output.Header["Authorization"]) 51 it.Equal([]string{"Bearer foo", "Bearer bar"}, req.Header["Authorization"]) 52 it.Equal([]string{"***"}, output.Header["X-Secret-Token"]) 53 54 it.Equal([]string{"***"}, output.URL.Query()["access_token"]) 55 it.Equal([]string{"***"}, output.URL.Query()["sensitive"]) 56 }